Algorithms that enable Antivirus Software to use heuristics to detect new threats

Published: 01st June 2009

Network communications are governed mainly by protocols, which software follows to enable two-way communication. For example, when browsing the Internet, the HTTP protocol is used to fetch the elements of the page we want to view over port 80 of the socket connection opened to the computer whose IP address is associated with the page's address name. When you browse the net and a Flash application starts to download itself, it is allowed to do so because it is known not to be able to insert any dangerous programs into memory. It runs from the browser's window, so the firewall identifies it as the browser. That is why you must take extra care when downloading browser plug-ins and similar dangerous programs: without an intelligent security system, nothing will prevent a spyware browser plugin from downloading more spyware to your computer.

What would an intelligent antivirus suite do to prevent such situations? It would test whether the browser you are using has any dangerous plugins in its memory space and possibly note the state it found. It would then stop checking, so as not to slow down the computer, but would track whether the browser was restarted by checking its process ID every time it tries to access the Internet. Browsers cannot include plugins in themselves without a restart, and this is the reason why. If some kind of program makes it onto your computer and tricks you into allowing it to access the Internet, what then? Then there should be a way for the antivirus to detect known patterns of behaviour typical of viruses and other malicious software, and either suggest that some action be taken or act upon its detection and prevent the program from accessing the Internet, asking the user if he is sure that is what he wants. But what if the user doesn't know what he wants, and doesn't want to learn what not to do? They are working on that one.
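The scan-once, recheck-on-restart logic described above, as an added sketch that is not code from the article or from any antivirus product. The class, event shape, plugin name and PIDs are hypothetical and constructed; it goes slightly beyond the text by pairing the process ID with the process start time, because operating systems reuse PIDs.

```python
from typing import Callable, Dict, List, NamedTuple, Tuple

class ConnectionAttempt(NamedTuple):
    """One outbound connection event (constructed shape, not a real firewall API)."""
    pid: int
    start_time: float  # process creation time reported by the OS
    dest: str

class BrowserScanGate:
    """Scan a browser's loaded plugins once per process instance, then reuse the verdict."""

    def __init__(self, scan_plugins: Callable[[int, float], List[str]]):
        self.scan_plugins = scan_plugins  # returns names of plugins judged dangerous
        self.verdicts: Dict[int, Tuple[float, List[str]]] = {}
        self.scans_run = 0

    def on_connect(self, ev: ConnectionAttempt) -> str:
        cached = self.verdicts.get(ev.pid)
        if cached is None or cached[0] != ev.start_time:
            # First sighting, a restart, or a PID the OS handed to a new process:
            # the earlier verdict no longer describes this process, so rescan.
            self.scans_run += 1
            self.verdicts[ev.pid] = (ev.start_time, self.scan_plugins(ev.pid, ev.start_time))
        flagged = self.verdicts[ev.pid][1]
        return "ask_user" if flagged else "allow"

# Constructed plugin state: the same PID before and after a browser restart.
LOADED = {
    (4120, 1000.0): [],
    (4120, 2000.0): ["toolbar_helper.dll"],
}

def run_demo():
    gate = BrowserScanGate(lambda pid, started: LOADED[(pid, started)])
    events = [
        ConnectionAttempt(4120, 1000.0, "example.com:80"),
        ConnectionAttempt(4120, 1000.0, "example.org:80"),
        ConnectionAttempt(4120, 2000.0, "example.net:80"),  # browser restarted
        ConnectionAttempt(4120, 2000.0, "example.com:80"),
    ]
    return [gate.on_connect(e) for e in events], gate.scans_run

if __name__ == "__main__":
    print(run_demo())
```

Four connection attempts trigger only two scans: one per browser instance, with the second scan catching the plugin that appeared after the restart.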
